Lucene search

UbuntuUSN-5052-1

HistoryAug 26, 2021 - 12:00 a.m.

MongoDB vulnerability

2021-08-2600:00:00

ubuntu.com

113

mongodb

session persistence

ubuntu 20.04 lts

ubuntu 18.04 esm

elevated privileges

remote attacker

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

Releases

Ubuntu 20.04 LTS
Ubuntu 18.04 ESM

Packages

mongodb - Document-oriented database

Details

MongoDB would fail to properly invalidate existing sessions for deleted
users. This could allow a remote authenticated attacker to gain elevated
privileges if their user account was recreated with elevated privileges.

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchmongodb-server< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2UNKNOWN
Ubuntu20.04noarchmongodb< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2UNKNOWN
Ubuntu20.04noarchmongodb-clients< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2UNKNOWN
Ubuntu20.04noarchmongodb-clients-dbgsym< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2UNKNOWN
Ubuntu20.04noarchmongodb-server-core< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2UNKNOWN
Ubuntu20.04noarchmongodb-server-core-dbgsym< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2UNKNOWN
Ubuntu18.04noarchmongodb-server< 1:3.6.3-0ubuntu1.3UNKNOWN
Ubuntu18.04noarchmongodb< 1:3.6.3-0ubuntu1.3UNKNOWN
Ubuntu18.04noarchmongodb-clients< 1:3.6.3-0ubuntu1.3UNKNOWN
Ubuntu18.04noarchmongodb-clients-dbgsym< 1:3.6.3-0ubuntu1.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.04	noarch	mongodb-server	< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2	UNKNOWN
Ubuntu	20.04	noarch	mongodb	< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2	UNKNOWN
Ubuntu	20.04	noarch	mongodb-clients	< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2	UNKNOWN
Ubuntu	20.04	noarch	mongodb-clients-dbgsym	< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2	UNKNOWN
Ubuntu	20.04	noarch	mongodb-server-core	< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2	UNKNOWN
Ubuntu	20.04	noarch	mongodb-server-core-dbgsym	< 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2	UNKNOWN
Ubuntu	18.04	noarch	mongodb-server	< 1:3.6.3-0ubuntu1.3	UNKNOWN
Ubuntu	18.04	noarch	mongodb	< 1:3.6.3-0ubuntu1.3	UNKNOWN
Ubuntu	18.04	noarch	mongodb-clients	< 1:3.6.3-0ubuntu1.3	UNKNOWN
Ubuntu	18.04	noarch	mongodb-clients-dbgsym	< 1:3.6.3-0ubuntu1.3	UNKNOWN